mollyim/webrtc
1
0
Fork 0
mirror of https://github.com/mollyim/webrtc.git synced 2025-05-13 05:40:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow list the places which send STUN_REQUEST w/o password

Browse source 
Bug: chromium:1177125
Change-Id: Ia58a596871c8f15b9638d026a336a30c15f89f90
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/327441
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#41165}
This commit is contained in:
Jonas Oreland 2023-11-15 10:53:40 +01:00 committed by WebRTC LUCI CQ
parent 4ac371883e
commit 02ce5887b6
5 changed files with 32 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
p2p/base/stun_port.cc
View file

@ -46,7 +46,9 @@ class StunBindingRequest : public StunRequest {
std::make_unique<StunMessage>(STUN_BINDING_REQUEST)), std::make_unique<StunMessage>(STUN_BINDING_REQUEST)),
port_(port), port_(port),
server_addr_(addr), server_addr_(addr),
start_time_(start_time) {} start_time_(start_time) {
SetAuthenticationRequired(false);
}
const rtc::SocketAddress& server_addr() const { return server_addr_; } const rtc::SocketAddress& server_addr() const { return server_addr_; }

22
p2p/base/stun_request.cc
View file

@ -57,6 +57,10 @@ void StunRequestManager::Send(StunRequest* request) {
void StunRequestManager::SendDelayed(StunRequest* request, int delay) { void StunRequestManager::SendDelayed(StunRequest* request, int delay) {
RTC_DCHECK_RUN_ON(thread_); RTC_DCHECK_RUN_ON(thread_);
RTC_DCHECK_EQ(this, request->manager()); RTC_DCHECK_EQ(this, request->manager());
RTC_DCHECK(!request->AuthenticationRequired() ||
request->msg()->integrity() !=
StunMessage::IntegrityStatus::kNotSet)
<< "Sending request w/o integrity!";
auto [iter, was_inserted] = auto [iter, was_inserted] =
requests_.emplace(request->id(), absl::WrapUnique(request)); requests_.emplace(request->id(), absl::WrapUnique(request));
RTC_DCHECK(was_inserted); RTC_DCHECK(was_inserted);
@ -104,15 +108,23 @@ bool StunRequestManager::CheckResponse(StunMessage* msg) {
StunRequest* request = iter->second.get(); StunRequest* request = iter->second.get();
// Now that we know the request, we can see if the response is // Now that we know the request, we can see if the response is
// integrity-protected or not. // integrity-protected or not. Some requests explicitly disables
// For some tests, the message integrity is not set in the request. // integrity checks using SetAuthenticationRequired.
// Complain, and then don't check. // TODO(chromium:1177125): Remove below!
// And we suspect that for some tests, the message integrity is not set in the
// request. Complain, and then don't check.
bool skip_integrity_checking = bool skip_integrity_checking =
(request->msg()->integrity() == StunMessage::IntegrityStatus::kNotSet); (request->msg()->integrity() == StunMessage::IntegrityStatus::kNotSet);
if (skip_integrity_checking) { if (!request->AuthenticationRequired()) {
// This is a STUN_BINDING to from stun_port.cc or
// the initial (unauthenticated) TURN_ALLOCATE_REQUEST.
} else if (skip_integrity_checking) {
// TODO(chromium:1177125): Remove below!
// This indicates lazy test writing (not adding integrity attribute). // This indicates lazy test writing (not adding integrity attribute).
// Complain, but only in debug mode (while developing). // Complain, but only in debug mode (while developing).
RTC_DLOG(LS_ERROR) RTC_LOG(LS_ERROR)
<< "CheckResponse called on a passwordless request. Fix test!";
RTC_DCHECK(false)
<< "CheckResponse called on a passwordless request. Fix test!"; << "CheckResponse called on a passwordless request. Fix test!";
} else { } else {
if (msg->integrity() == StunMessage::IntegrityStatus::kNotSet) { if (msg->integrity() == StunMessage::IntegrityStatus::kNotSet) {

7
p2p/base/stun_request.h
View file

@ -115,6 +115,12 @@ class StunRequest {
// Time elapsed since last send (in ms) // Time elapsed since last send (in ms)
int Elapsed() const; int Elapsed() const;
// Add method to explitly allow requests w/o password.
// - STUN_BINDINGs from StunPort to a stun server
// - The initial TURN_ALLOCATE_REQUEST
void SetAuthenticationRequired(bool val) { authentication_required_ = val; }
bool AuthenticationRequired() const { return authentication_required_; }
protected: protected:
friend class StunRequestManager; friend class StunRequestManager;
@ -155,6 +161,7 @@ class StunRequest {
bool timeout_ RTC_GUARDED_BY(network_thread()); bool timeout_ RTC_GUARDED_BY(network_thread());
webrtc::ScopedTaskSafety task_safety_{ webrtc::ScopedTaskSafety task_safety_{
webrtc::PendingTaskSafetyFlag::CreateDetachedInactive()}; webrtc::PendingTaskSafetyFlag::CreateDetachedInactive()};
bool authentication_required_ = true;
}; };
} // namespace cricket } // namespace cricket

4
p2p/base/stun_request_unittest.cc
View file

@ -79,7 +79,9 @@ class StunRequestThunker : public StunRequest {
public: public:
StunRequestThunker(StunRequestManager& manager, StunRequestTest* test) StunRequestThunker(StunRequestManager& manager, StunRequestTest* test)
: StunRequest(manager, CreateStunMessage(STUN_BINDING_REQUEST)), : StunRequest(manager, CreateStunMessage(STUN_BINDING_REQUEST)),
test_(test) {} test_(test) {
SetAuthenticationRequired(false);
}
std::unique_ptr<StunMessage> CreateResponseMessage(StunMessageType type) { std::unique_ptr<StunMessage> CreateResponseMessage(StunMessageType type) {
return CreateStunMessage(type, msg()); return CreateStunMessage(type, msg());

2
p2p/base/turn_port.cc
View file

@ -1314,6 +1314,8 @@ TurnAllocateRequest::TurnAllocateRequest(TurnPort* port)
message->AddAttribute(std::move(transport_attr)); message->AddAttribute(std::move(transport_attr));
if (!port_->hash().empty()) { if (!port_->hash().empty()) {
port_->AddRequestAuthInfo(message); port_->AddRequestAuthInfo(message);
} else {
SetAuthenticationRequired(false);
} }
port_->MaybeAddTurnLoggingId(message); port_->MaybeAddTurnLoggingId(message);
port_->TurnCustomizerMaybeModifyOutgoingStunMessage(message); port_->TurnCustomizerMaybeModifyOutgoingStunMessage(message);